Re: NSE script contribution - dkron-discovery

[Ícaro Torres <icaro.redes.ifpb () gmail com>]

Hello David,

Sorry for the delay, I only was able to see the code right now, thanks a
lot for the revision and tips. Follows attached the new version of the
script.

Best regards.

Em qua., 4 de nov. de 2020 às 13:28, David Fifield <david () bamsoftware com>
escreveu:

> On Wed, Nov 04, 2020 at 09:12:56AM -0300, Ícaro Torres wrote:
> > I would like to contribute with the NSE script dkron-discovery. It will
> look
> > for the URI "/dashboard" in the port 8080 of the host running dKron
> service,
> > and if this is available it will grab the installed version.
> >
> > description = [[
> > Dkron is a system service for workload automation that runs scheduled
> jobs,
> > just like the cron unix service but distributed in several machines in a
> > cluster. Default TCP port is 8080.
> > ]]
> >
> > This could help pentesters or blue/purple teams to work with this kind of
> > exposure.
>
> Hi, thanks for this contribution. Here is some quick review.
>
> -- @args dkron-discovery.path The URL path to request. The default path is
> "/".
>   local http_response = http.get(host, port, "/dashboard")
>
> The doc comment doesn't match the code, and dkron-discovery.path is not
> used.
>
>   if string.match(http_response.rawbody, "Dkron %d.%d.%d") then
>     dkron_version = string.match(http_response.rawbody, "%d.%d.%d")
>
> You probably want to reuse the string.match result here, rather than
> doing it twice.
>
>     port.version.name = "dkron"
>
> I believe the convention is to use "http" for HTTP-based services.
>
>     dkron_response = "\n\tInstalled version: " .. dkron_version ..
> "\n\tDirectory /dashboard is accessible!"
>
> Tabs are not normally used for indentation in NSE output. You should
> probably use structured output for this display:
> https://nmap.org/book/nse-api.html#nse-structured-output
>
> But finally, this script is probably better done as a fingerprint for
> the http-enum script.
> https://nmap.org/nsedoc/scripts/http-enum.html
> See the file nselib/data/http-fingerprints.lua for examples of
> requesting a custom path and extracting a version number from the
> output. For example,
> --
> http://carnal0wnage.attackresearch.com/2015/02/cisco-asa-version-grabber-cve-2014-3398.html
> table.insert(fingerprints, {
>     category = 'security',
>     probes = {
>       {
>         path = '/CSCOSSLC/config-auth',
>         method = 'GET'
>       },
>     },
>     matches = {
>       {
>         match = '<version who="sg">([^<]+)</version>',
>         output = 'Cisco ASA, firmware \\1'
>       },
>     }
>   });


-- 

Ícaro Torres
Tecnólogo em Redes de Computadores - IFPB
Pós-Graduado em Segurança da Informação - faculdade IDEZ
Twitter: @IcaroTorres

Attachment: dkron-discovery.nse
Description:

_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/